What is “reasonable cybersecurity” and how do courts view it? (SecureWorld interviews)

What is "reasonable cybersecurity" and how do courts view "reasonable cybersecurity"? See KnowBe4's discussion of these interviews. These are two excellent questions that I was asked and I answered, as succinctly as I could, in two short interviews with SecureWorld. Tell me what you think about my answers. What Is Reasonable Cybersecurity? - SecureWorld article …

Uber CISO’s Testimony Clarifies Payment to Hackers was Not Legitimate Use of Bug Bounty Program

As bits of information about the Uber data breach have trickled out, including the purported payment through a bug bounty program, I have been concerned about the implications for legitimate corporate bug bounty programs. My concerns grew when I read the New York Times article, Inside Uber’s $100,000 Payment to a Hacker, and the Fallout. …

3 Legal Points for InfoSec Teams to Consider Before an Incident

As a teaser to my presentation at SecureWorld - Dallas last week, I did a brief interview with SecureWorld and talked about three of the points I would make in my lunch keynote, The Legal Case for Cybersecurity. If you're going to SecureWorld - Denver next week, join me for the lunch keynote on Thursday (11/2) …

What do we in the United States really want from our cyber laws?

In my newsfeed are articles in prominent publications discussing the problems with the federal Computer Fraud and Abuse Act from very different perspectives. In the "the CFAA is dangerous for security researchers" corner we have White Hat Hackers and the Internet of Bodies, in Law360, discussing how precarious the CFAA (and presumably, the state hacking laws …

NIST Cybersecurity Guidance for Small Business Likely Forthcoming

The US House of Representatives has passed legislation similar to that recently passed by the Senate that would require the National Institute of Standards and Technology (NIST) to produce cybersecurity guidance that will be aimed at helping small businesses. The NIST Small Business Cybersecurity Act of 2017 would include NIST’s creating guidelines, tools, and best …